PC Control
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill is mostly consistent with its purpose, but it gives broad desktop-control power through a hidden local server that does not appear to auto-shut down.
Install only if you intentionally want an agent to control your Windows GUI. Use it on a private machine, keep sensitive windows closed, verify each action, and stop the server when done. Prefer safer CLI or PowerShell methods when available.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent clicks or types in the wrong place, the usual mouse-corner emergency stop may not work, increasing the chance of unintended desktop actions.
The server disables PyAutoGUI's default emergency fail-safe while exposing mouse and keyboard control endpoints. For a desktop automation tool, this reduces the user's ability to stop runaway or mistaken actions.
pyautogui.FAILSAFE = False
Keep PyAutoGUI's fail-safe enabled unless there is a documented reason to disable it, and require explicit user confirmation before risky clicks, typing, hotkeys, or destructive GUI actions.
The local control service may keep running after the immediate task, leaving desktop-control capability available to any local process that can obtain the token.
The launcher starts the Windows control server as a hidden process. Combined with the broad screenshot/mouse/keyboard authority and no visible auto-shutdown enforcement, this creates a persistence risk beyond a single visible interaction.
f"-WindowStyle Hidden"
Implement and document the auto-shutdown timer, show clear running/stopped status, and encourage users to run `python3 scripts/launcher.py stop` immediately after use.
Installation depends on whatever package versions are available at install time, which can change behavior or inherit upstream supply-chain risk.
The installer downloads unpinned PyPI packages into the Windows Python environment. These dependencies are expected for the skill, but versions and hashes are not pinned.
DEPS = ["fastapi", "uvicorn", "mss", "pyautogui", "pillow"]
cmd = f"& '{PY}' -m pip install {' '.join(DEPS)}"
Pin dependency versions, consider using hashes or a lockfile, and install only from trusted package indexes.
Any local process or user that can read the token file could send commands to the local control server while it is running.
The server creates a bearer token and writes it to a local file. This is appropriate for local client authentication, but that file becomes the permission boundary for desktop control.
AUTH_TOKEN = secrets.token_urlsafe(32)
AUTH_TOKEN_FILE = Path(__file__).parent.parent / ".auth_token"
...
AUTH_TOKEN_FILE.write_text(AUTH_TOKEN)
Restrict permissions on `.auth_token`, remove it on shutdown, and avoid running the server on shared machines.
Sensitive content visible on screen may remain in temporary files after the task finishes.
Screenshots returned by the server are decoded and stored as non-auto-deleted temporary image files. This is purpose-aligned, but screenshots may contain sensitive desktop information.
tmp = tempfile.NamedTemporaryFile(suffix=".jpg", delete=False)
tmp.write(img_bytes)
Close or hide sensitive windows before use, and delete temporary screenshot files after analysis.
